15 November 2017

Tom Mackee's family has fallen apart. The impetus was the death of his
uncle Joe in the London tube terrorist bombings, but that was only the
start. He destroyed his chances with the only woman he really loved. His
father's drinking got out of control, his mother left with his younger
sister to live in a different city, and he refused to go with them and
abandon his father. But then, six months later, his father abandoned him
anyway. As this novel opens, Tom collapses while performing a music set,
high on drugs and no sleep, and wakes up to discover his roommates have
been fired from their jobs for stealing, and in turn have thrown him out
of their apartment. He's at rock bottom.
The one place he can turn for a place to stay is his aunt Georgie, the
second (although less frequent) viewpoint character of this book. She was
the one who took the trip to the UK to try to find out what happened and
retrieve her brother's body, and the one who had to return to Australia
with nothing. Her life isn't in much better shape than Tom's. She's kept
her job, but she's pregnant by her ex-boyfriend but barely talking to him,
since he now has a son by another woman he met during their separation.
And she's not even remotely over her grief.
The whole Finch/Mackee family is, in short, a disaster. But they have a
few family relationships left that haven't broken, some underlying basic
decency, and some patient and determined friends.
I should warn up-front, despite having read this book without knowing
this, that this is a sequel to Saving Francesca, set five years
later and focusing on secondary characters from the original novel. I've
subsequently read that book as well, though, and I don't think reading it
first is necessary. This is one of the rare books where being a sequel
made it a better stand-alone novel. I never felt a gap of missing story,
just a rich and deep background of friendships and previous relationships
that felt realistic. People are embedded in networks of relationships
even when they feel the most alone, and I really enjoyed seeing that
surface in this book. All those patterns from Tom's past didn't feel like
information I was missing. They felt like glimpses of what you'd see if
you looked into any other person's life.
The plot summary above might make The Piper's Son sound like a
depressing drama fest, but Marchetta made an excellent writing decision:
the worst of this has already happened before the start of the book, and
the rest is in the first chapter. This is not at all a book about
horrible things happening to people. It's a book about healing. An
authentic, prickly, angry healing that doesn't forget and doesn't turn
into simple happily-ever-after stories, but does involve a lot of
recognition that one has been an ass, and that it's possible to be less of
an ass in the future, and maybe some things can be fixed.
A plot summary might fool you into thinking that this is a book about a
boy and his father, or about dealing with a drunk you still love. It's
not. The bright current under this whole story is not father-son bonding.
It's female friendships. Marchetta pulls off a beautiful double-story,
writing a book that's about Tom, and Georgie, and the layered guilt and
tragedy of the Finch/Mackee family, but whose emotional heart is their
friends. Francesca, Justine, absent Siobhan. Georgie's friend Lucia.
Ned, the cook, and his interactions with Tom's friends. And Tara Finke,
also mostly absent, but perfectly written into the story in letters and
phone calls.
Marchetta never calls unnecessary attention to this, keeping the camera on
Tom and Georgie, but the process of reading this book is a dawning
realization of just how much work friendship is doing under the surface,
how much back-channel conversation is happening off the page, and how much
careful and thoughtful and determined work went into providing Tom a
floor, a place to get his feet under him, and enough of a shove for him to
pull himself together. Pulling that off requires a deft and subtle
authorial touch, and I'm in awe at how well it worked.
This is a beautifully written novel. Marchetta never belabors an
emotional point, sticking with a clear and spare description of actions
and thoughts, with just the right sentences scattered here and there to
expose the character's emotions. Tom's family is awful at communication,
which is much of the reason why they start the book in the situation
they're in, but Marchetta somehow manages to write that in a way that
didn't just frustrate me or make me want to start banging their heads
together. She somehow conveys the extent to which they're trying,
even when they're failing, and adds just the right descriptions so that
the reader can follow the wordless messages they send each other even when
they can't manage to talk directly. I usually find it very hard to
connect with people who can only communicate by doing things rather than
saying them. It's a high compliment to the author that I felt I
understood Tom and his family as well as I did.
One bit of warning: while this is not a story of a grand reunion with an
alcoholic father where all is forgiven because family, thank heavens,
there is an occasional wiggle in that direction. There is also a steady
background assumption that one should always try to repair family
relationships, and a few tangential notes about the Finches and Mackees
that made me think there was a bit more abuse here than anyone involved
wants to admit. I don't think the book is trying to make apologies for
this, and instead is trying to walk the fine line of talking about
realistically messed up families, but I also don't have a strong personal
reaction to that type of story. If you have an aversion to "we should all
get along because faaaaamily" stories, you may want to skip this book, or
at least go in pre-warned.
That aside, the biggest challenge I had in reading this book was not
breaking into tears. The emotional arc is just about perfect. Tom and
Georgie never stay stuck in the same emotional cycle for too long,
Marchetta does a wonderful job showing irritating characters from a
slightly different angle and having them become much less irritating, and
the interactions between Tom, Tara, and Francesca are just perfect. I
don't remember reading another book that so beautifully captures that
sensation of knowing that you've been a total ass, knowing that you need
to stop, but realizing just how much work you're going to have to do, and
how hard that work will be, once you own up to how much you fucked up.
That point where you keep being an ass for a few moments longer, because
stopping is going to hurt so much, but end up stopping anyway because you
can't stand yourself any more. And stopping and making amends is hard and
hurts badly, and yet somehow isn't quite as bad as you thought it was
going to be.
This is really great stuff.
One final complaint, though: what is it with mainstream fiction and
the total lack of denouement? I don't read very much mainstream fiction,
but this is the second really good mainstream book I've read (after
The Death of Bees) that hits its climax
and then unceremoniously dumps the reader on the ground and disappears.
Come back here! I wasn't done with these people! I don't need a long
happily-ever-after story, but give me at least a handful of pages to be
happy with the characters after crying with them for hours! ARGH.
But, that aside, the reader does get that climax, and it's note-perfect to
the rest of the book. Everyone is still themselves, no one gets suddenly
transformed, and yet everything is... better. It's the kind of book you
can trust.
Highly, highly recommended.
Rating: 9 out of 10

13 August 2017

On Thursday at DebConf17, all people interested in using this or that Remote Desktop solution on Debian (as a server, as a client, as both) came together for a BoF.
Sharing about Usage Scenarios
For quite some time, we informally shared with one another what technologies and software we use for remote access to Debian machines and what our experiences are.
The situation in Debian and on GNU/Linux in general is that many technical approaches exist, and all of them have certain features and certain limitations. The combination of features and limitations finally leads users to choose one or another technology as their favourite solution.
The Debian Remote Maintainers Team
On the developers' side, Dominik George and I set up a packaging team for Remote Desktop related software in Debian. A packaging team that we invite everyone who is maintaining such software in the widest sense to join: https://qa.debian.org/developer.php?login=pkg-remote-team%40lists.alioth...
'DebianRemote' namespace on the Debian Wiki
For users of Debian, the group agreed, we need an overview page (on wiki.debian.org) that provides an entry point for Debian on the Remote Desktop. An entry point that provides user information as well as developer information.
I have just set up a skeleton of this wiki page (thanks to Vagrant for taking some notes in Gobby during the BoF): https://wiki.debian.org/DebianRemote
However, the page still contains loads of FIXMEs, so the actual work only now really starts. Fill the template with content (and also adapt the template, if needed).
Everyone with experience and know-how about Remote Desktop on Debian systems is invited to share knowledge and improve this wiki namespace. (I will, at the earliest, start working on Arctica, X2Go and NX passages end of August, but I'll be also happy to find passages having been written down that I can review by then).
Tracking Debian Remote Issues in Debian BTS
At the BoF, the following suggestions also came up: The Remote Desktop experience on a GNU/Linux desktop or terminal server can be affected by all graphical applications available. It often happens that a change in this or that graphical application results in problems in remote sessions, but not in local sessions. We agreed on filing and tagging such bugs accordingly. For new bugs, please file such bugs with the following BTS header at the top of your mail and always explain what remote desktop solution is being used when the bug appears:

Conclusion
Overall, I was quite happy that the BoF was attended by so many people and to see that there is quite "a lobby" in Debian. Let's dive into the work and make Debian 10 the first Debian that mentions the Remote Desktop in its release notes.
Let's, in fact, release Debian 10 as the first Debian with the official announcement as an operating system for the Remote Desktop (like the Fedora people did already for Fedora 20).

I realized how attached I am to "IT-Zukunft Schule" and how much it means to me that our kids grow up in a world of freedom and choice. Also and esp. when it comes to choosing your daily communication tools and computer working environment

I met Foteini Tsiami and Alkis Georgopoulos from Greece. They work on LTSP and have deployed 1000+ schools in Greece with LTSP + Debian GNU/Linux + MATE Desktop Environment

I met Vagrant Cascadian who is the maintainer of LTSP in Debian and also a major LTSP upstream contributor

I received a lot of fine feedback that was very encouraging to go on with our local work in Schleswig-Holstein

If you have some more time for watching DebConf talks on video, I dearly recommend the talk given by Alkis and Foteini on their Greek FLOSS success story. If you don't have that much time, please skip through the video until you are at 26:15 and enjoy the map that shows how much Debian + LTSP has spread over all of Greece.
http://meetings-archive.debian.net/pub/debian-meetings/2017/debconf17/lt...
Unfortunately, the schools in Greece are so much smaller than schools in Germany. Most schools there have between 50 and 300 students. So at the Greek schools, it is possible to have a teacher machine being the server for one computer lab. This teacher / server machine provides the infrastructure for a room full of LTSP fat clients (no hard drive inside) and that's it.
For German schools, unfortunately, we need a larger scale setup. German schools often have 800+ students and network services need to be spread over more than one server machine. So, the current approach with one server running LDAP, Kerberos etc. is quite appropriate, but also extendible, possibly on municipality level or on county level.
We (from IT-Zukunft Schule) are quite positive that there will be opportunities for introducing FLOSS approaches more on the county level in Schleswig-Holstein in the near future. So stay tuned...

29 July 2017

Debian Long Term Support (LTS)
This is my monthly work on Debian LTS. This time I worked on
various hairy issues surrounding ca-certificates, unattended-upgrades,
apache2 regressions, libmtp, tcpdump and ipsec-tools.

unattended-upgrades
Speaking of security upgrades brings me to the question of a bug
(Debian bug #867169) that was filed against the wheezy version of
unattended-upgrades, which showed that the package simply
stopped working since the latest stable release, because wheezy became
"oldoldstable". I first suggested using the "codename" but that
appears to have been introduced only after wheezy.
In the end, I proposed a simple update that would fix the
configuration files and uploaded this as DLA-1032-1. This is
thankfully fixed in later releases and will not require such hackery
when jessie becomes LTS as well.

libmtp
Next up is the work on the libmtp vulnerabilities
(CVE-2017-9831 and CVE-2017-9832). As I
described in my announcement, the work to backport the patch was
huge, as upstream basically backported a whole library from the
gphoto2 package to fix those issues (and probably many
more). The lack of a test suite made it difficult to trust my own
work, but given that I had no (negative) feedback, I figured it was
okay to simply upload the result and that became DLA-1029-1.

tcpdump
I then looked at reproducing CVE-2017-11108, a heap
overflow triggered when tcpdump would parse specifically
STP packets. In Debian bug #867718, I described how to
reproduce the issue across all suites and opened
an issue upstream, given that the upstream maintainers hadn't
responded in weeks according to notes in
the Red Hat Bugzilla issue. I eventually worked on a patch
which I shared upstream, but that was rejected as they were already
working on it in their embargoed repository.
I can explain this confusion and duplication of work with:

1. the original submitter didn't really contact security@tcpdump.org

2. he did and they didn't reply, being just too busy

3. they replied and he didn't relay that information back

I think #2 is most likely: the tcpdump.org folks are probably very
busy with tons of reports like this. Still, I should probably have
contacted security@tcpdump.org directly before starting my work,
even though no harm was done because I didn't divulge issues that were
already public.
Since then, tcpdump has released 4.9.1 which fixes the issue, but
then new CVEs came out that will require more work and probably
another release. People looking into this issue must be certain to
coordinate with the tcpdump security team before fixing the actual
issues.

ipsec-tools
Another package that didn't quite have a working solution is the
ipsec-tools suite, in which the racoon daemon was
vulnerable to a remotely-triggered DOS attack (CVE-2016-10396). I reviewed and fixed the upstream patch which
introduced a regression. Unfortunately, there is no test suite or
proof of concept to control the results.
The reality is that ipsec-tools is really old, and should maybe simply
be removed from Debian, in favor of strongswan. Upstream
hasn't done a release in years and various distributions have patched
up forks of those to keep it alive... I was happy, however, to know
that a maintainer will take care of updating the various suites,
including LTS, with my improved patch. So this fixes the issue for
now, but I would strongly encourage users to switch away from
ipsec-tools in the future.

apache2
Finally, I was bitten by the old DLA-841-1 upload I did all the
way back in February, as it introduced a regression (Debian bug #858373). It turns out it was possible to segfault Apache workers
with a trivial HTTP request, in certain (rather exotic, I might add)
configurations (ErrorDocument 400 directive pointing to a cgid script
in worker mode).
Still, it was a serious regression and I found a part of the nasty
long patch we worked on back then that was faulty, and introduced a
small fix to correct that. The proposed package unfortunately
didn't yield any feedback, and I can only assume it will work okay for
people. The result is the DLA-841-2 upload which fixes the
regression. I unfortunately didn't have time to work on the remaining
CVEs affecting apache2 in LTS at the time of writing.

Triage
I also did some miscellaneous triage by filing Debian bug #867477 for
poppler in an effort to document better the pending issue.
Next up was some minor work on eglibc issues. CVE-2017-8804 has a patch, but it's been disputed. Since the
main victim of this and the core of the vulnerability (rpcbind) has already been fixed, I am not sure this vulnerability is
still a thing in LTS at all.
I also looked at CVE-2014-9984, but the code is so
different in wheezy that I wonder if LTS is affected at
all. Unfortunately, the eglibc gymnastics are a little beyond me and I
do not feel confident enough to just push those issues aside for now
and let them open for others to look at.

Other free software work
And of course, there's my usual monthly volunteer work. My ratio is a
little better this time, having reached an about even ratio between
paid and volunteer work, whereas this was 60% volunteer work in
March.

Announcing ecdysis
I recently published ecdysis, a set of templates and code samples
that I frequently reuse across projects. This is probably the least
pronounceable project name I have ever chosen, but this is somewhat on
purpose. The goal of this project is not collaboration or to become
a library: it's just a personal project which I share with the world
as a curiosity.
To quote the README file:

The name comes from what snakes and other animals do to "create a new
snake": they shed their skin. This is not so appropriate for snakes,
as it's just a way to rejuvenate their skin, but is especially
relevant for arthropods since then "ecdysis" may be associated with a
metamorphosis:

Ecdysis is the moulting of the cuticle in many invertebrates of
the clade Ecdysozoa. Since the cuticle of these animals typically
forms a largely inelastic exoskeleton, it is shed during growth
and a new, larger covering is formed. The remnants of the old,
empty exoskeleton are called exuviae.
Wikipedia

So this project is metamorphosed into others when the documentation
templates, code examples and so on are reused elsewhere. For that
reason, the license is an unusually liberal (for me) MIT/Expat
license.
The name also has the nice property of being absolutely
unpronounceable, which makes it unlikely to be copied but easy to
search online.

It was an interesting exercise to go back into older projects and
factor out interesting code. The process is not complete yet, as there
are older projects I'm still curious about reviewing. A bunch of that
code could also be factored into upstream projects and maybe even the
Python standard library.
In short, this is stuff I keep on forgetting how to do: a proper
setup.py config, some fancy argparse extensions and so on. Instead
of having to remember where I had written that clever piece of code, I
now shove it in the crazy chaotic project where I can find it again in
the future.

Beets experiments
Since I started using Subsonic (or Libresonic) to manage the
music on my phone, album covers are suddenly way more interesting. But
my collection so far has had limited album covers: my other media
player (gmpc) would download those on the fly on its own and
store them in its own database - not on the filesystem. I guess this
could be considered to be a limitation of Subsonic, but I actually
appreciate the separation of duty here. Garbage in, garbage out: the
quality of Subsonic's rendering depends largely on how well set up your
library and tags are.
It turns out there is an amazing tool called beets to do exactly
that kind of stuff. I originally discarded that "media library
management system for obsessive-compulsive [OC] music geeks", trying to
convince myself I was not an "OC music geek". Turns out I am. Oh
well.
Thanks to beets, I was able to download album covers for a lot of the
albums in my collection. The only covers that are missing now are
albums that are not correctly tagged and that beets couldn't
automatically fix up. I still need to go through those and fix all
those tags, but the first run did an impressive job at getting album
covers.
Then I got the next crazy idea: after a camping trip where we forgot
(again) the lyrics to Georges Brassens, I figured I could start
putting some lyrics on my ebook reader. "How hard can that be?" of
course, being the start of another crazy project. A pull request
and 3 days later, I had something that could turn a beets lyrics
database into a Sphinx document which, in turn, can be turned
into an ePUB. In the process, I probably got blocked from
MusixMatch a hundred times, but it's done. Phew!
The resulting e-book is about 8000 pages long, but is still
surprisingly responsive. In the process, I also happened to do a
partial benchmark of Python's bloom filter libraries. The biggest
surprise there was the performance of the set builtin: for small
items, it is basically as fast as a bloom filter. Of course, when
the item size grows larger, its memory usage explodes, but in this
case it turned out to be sufficient and bloom filter completely
overkill and confusing.
Oh, and thanks to those efforts, I got admitted in the beetbox
organization on GitHub! I am not sure what I will do with that
newfound power: I was just scratching an itch, really. But hopefully
I'll be able to help here and there in the future as well.

Debian package maintenance
I did some normal upkeep on a bunch of my packages this month, that
were long overdue:

filed Debian bug #866786 against cryptsetup to make the
remote initramfs SSH-based unlocking support multiple devices:
thanks to the maintainer, this now works flawlessly in buster and
may be backported to stretch

expanded on Debian bug #805414 against gdm3 and
Debian bug #845938 against pulseaudio, because I had
trouble connecting my computer to this new Bluetooth speaker. Turns
out this is a known issue in Pulseaudio: whereas it releases ALSA
devices, it doesn't release Bluetooth devices properly. Documented
this more clearly in the wiki page

filed Debian bug #868728 against cups regarding a weird
behavior I had interacting with a network printer. Turns out the
other workstation was misconfigured... why are printers still so
hard?

after playing around with rash, tried to complete the packaging
(Debian bug #754972) of percol with this pull request
upstream. This ended up being way too much overhead and I reverted
to my old normal history habits.

12 May 2017

Two days ago, one of the most influential logicians of the 20th century passed away: Gaisi Takeuti. I had the pleasure of meeting this excellent man, teacher, writer, thinker several times while he was the president of the Kurt Gödel Society.
I don't want to recall his achievements in mathematical logic, in particular proof theory, because I am not worthy to write about such a genius. I want to recall a few personal stories from my own experience.
I came into contact with Prof. Takeuti via his famous book Proof Theory, which my then Professor, now colleague and friend Matthias Baaz used for teaching us students proof theory. Together with Shoenfield's Mathematical Logic these two books became the foundation of my whole logic education. Now again in print, back then the Proof Theory was a rare precious. Few prints did remain in the library, and over the years one by one disappeared, until the last copy we had access to was my copy where I had scribbled pages and pages of notes and proofs. Matthias later on used these copies for his lectures, I should have written on the back-side!
I remember well my first meeting with Prof. Takeuti: I was at the Conference on Internationalization in 2003 in Tsukuba, long before I moved to Japan. Back then I was just finishing my PhD and without much experience. When I arrived in the hotel, without fail there was a message from Prof. Takeuti inviting me for dinner the following day. We had dinner in a specialty restaurant of his area, together with his lovely wife. I was so nervous about Japanese manners and stuttered Japanese phrases just to be stopped by Prof. Takeuti pouring himself a glass of sake and telling me: "Relax, and forget the rules and fill your own glass when you want to." I am well aware that this liberal attitude didn't extend to Japanese colleagues, where he, descendant from a Samurai family, was at times very, extremely strict.
The dinner was decided upon already, not easy since I was still strict vegetarian back then (now I would have enjoyed the dinner much more!), but for the last course we could decide. I remember with a smile how Prof. Takeuti suggested in Japanese various sweets, just to be interrupted by his wife with "No Gaisi, no!". I asked what is going on and she explained that he wants to order a Japanese sweet for me. I agreed, and that was probably the worst dish I had in Japan. Slippy noodles swimming in a cold broth, to be picked with chopsticks and put into a semi-sweet soy sauce. I finished it, but it wasn't good. I should have thought twice when Prof. Takeuti's wife ordered a normal fruit salad.
Scientifically he was simply a genius and famous for not reading a lot but reinventing everything. One of my research areas, Gödel logics, was reinvented by him as Intuitionistic Fuzzy Logic (for an overview see my talk at the Collegium Logicum 2016: Gödel Logics - a short survey). But I want to recall one of my favorite articles of him: "A Conservative Extension of Peano Arithmetic". This was published as part 2 of Volume 17 of Publications of the Mathematical Society of Japan, retypeset pdf is available here, JSTOR page. Therein he develops classical (real and complex) analysis over Peano's arithmetic. He shows that any arithmetical theorem proved in analytic number theory is a theorem in Peano's arithmetic. The proof uses Gentzen's cut elimination theorem, the center piece of modern proof theory.
With Georg Kreisel having passed away in 2015, and now Gaisi Takeuti, we lose two of the greatest, if not the greatest, minds in logic.

26 January 2017

I still remember vividly my first visit to Europe, back in 2010. I had just barely gotten off a plane in Hamburg and on to a bus to Lubeck, and struck up a conversation with a friendly, well-educated German classical musician next to me. We soon started to discuss politics and religion. Over the course of the conversation, in response to his questions, I explained I had twice voted against George W. Bush, that I opposed the war in Iraq for many reasons, that I thought there was an ethical imperative to work to defeat climate change, that I viewed health care as an important ethical and religious issue, that I thought evolution was well-established, and that I am a Christian.
Finally, without any hint of insult intended, and rather a lot of surprise written all over his face, he said:
"Wow. You're an American, and a Christian, and you're so... normal!"
This, it seems to me, has a lot to do with Trump.
Ouch
It felt like a punch to the gut. The day after the election, having known that a man that appeared to stand for everything that honorable people are against won the election, like people all around the world, I was trying to make sense of how could this happen? As I've watched since, as he stacks government with wealthy cronies with records nearly as colorful as his own, it is easy to feel even more depressed.
Based on how Trump spoke and acted, it would be easy to conclude that the deplorables won the day, that he was elected by a contingent of sexists or racists ascendent in power.
But that would be too simple an explanation. This is, after all, the same country that elected Barack Obama twice. There are many people that voted twice for a black man, and then for Trump. Why? Racism, while doubtless a factor, can't explain it all.
How Trump could happen
Russ Allbery made some excellent points recently:

[Many Americans are] hurt, and they're scared, and they feel like a lot of the United States just slammed the door in their faces.
The status quo is not working for people.
Technocratic government by political elites is not working for people. Business as usual is not working for people. Minor tweaks to increasingly arcane systems is not working for people. People are feeling lost in bureaucracy, disaffected by elections that do not present a clear alternate vision, and depressed by a slow slide into increasingly dismal circumstances.
Government is not doing what we want it to do for us. And people are getting left behind. The left in the United States (of which I'm part) has for many years been very concerned about the way blacks and other racial minorities are systematically pushed to the margins of our economy, and how women are pushed out of leadership roles. Those problems are real. But the loss of jobs in the industrial heartland, the inability of a white, rural, working-class man to support his family the way his father supported him, the collapse of once-vibrant communities into poverty and despair: those problems are real too.
The status quo is not working for anyone except for a few lucky, highly-educated people on the coasts. People, honestly, like me, and like many of the other (primarily white and male) people who work in tech. We are one of the few beneficiaries of a system that is failing the vast majority of people in this country.

Russ is, of course, right. The Democrats have been either complicit in policies damaging to many, or ineffective in preventing them. They have often appeared unconcerned with the plight of people outside cities (even if that wasn't really the case). And it goes deeper.
When's the last time you visited Kansas?
I live in Kansas. The nearest paved road is about a 3-mile drive from my home. The nearest town, population 600, is a 6-mile drive. My governor, whom I did not vote for, cut taxes on the wealthy so much that our excellent local schools have been struggling for years. But my community is amazing, full of loving and caring people, the sort of people who you know you'll be living with for 40 years, and so you make sure you get along well with.
I have visited tourist sites in Berlin, enjoyed an opera and a Broadway show in New York, taken a train across the country to Portland, explored San Francisco. I've enjoyed all of them. Many rural people do get out and experience the world.
I have been in so many conversations where I try to explain where I live to people that simply cannot fathom it. I have explained how the 18 acres I own is a very small amount where I am. How, yes, I do actually have electricity and Internet. How a bad traffic day is one where I have to wait for three cars to go past before turning onto the paved road. How I occasionally find a bull in my front yard, how I can walk a quarter mile and be at the creek on the edge of my property, how I can get to an airport faster than most New Yorkers and my kids can walk out the front door and play in a spot more peaceful than Central Park, and how all this is way cheaper than a studio apartment in a bad part of San Francisco.
It is rare indeed to see visitors actually traveling to Kansas as a destination. People have no concept of the fact that my mechanic would drop everything and help me get my broken-down car to the shop for no charge, that any number of neighbors or uncles would bring a tractor and come plow the snow off my 1/4-mile driveway out of sheer kindness, that people around here really care for each other in a way you don't see in a city.
There are people that I know see politics way differently than me, but I know them to be good people. They would also do anything for a person in need, no matter who they are. I may find the people that they vote for to be repugnant, but I cannot say "I've looked this person in the eyes and they are nothing but deplorable."
And so, people in rural areas feel misunderstood. And they are right.
Some perspectives on Trump
As I've said, I do find Trump to be deplorable, but not everyone that voted for him is. How, then, do people wind up voting for him?
The New Yorker had an excellent story about a man named Mark Frisbie, owner of a welding and fab shop. The recession had been hard on his business. His wife's day-care center also closed. Health care was hard to find, and the long, slow decline had spanned politicians of every stripe. Mark and his wife supposedly did everything they were supposed to: they worked hard, were honest, were entrepreneurial, and yet he had lost his business, his family house, his health coverage, everything. He doesn't want a handout. He wants to be able to earn a living. Asked who he'd vote for, he said, "Is none of the above an option?"
The Washington Post had another insightful article, about a professor from Madison, WI interviewing people in rural areas. She said people would often say: "All the decisions are made in Madison and Milwaukee and nobody's listening to us. Nobody's paying attention, nobody's coming out here and asking us what we think. Decisions are made in the cities, and we have to abide by them." She pushed back, hard, on the idea that Trump supporters are ignorant, and added that liberals that push that line of thinking are only making the problem worse.
I would agree; seeing all the talk about universities dis-inviting speakers that don't hew to certain political views doesn't help either.
A related article talks about the lack of empathy for Trump voters.
And then we have a more recent CNN article: Where Trump support and Obamacare use soar together, explaining in great detail how it can be logical for someone to be on Obamacare but not like it. We can all argue that the Republicans may have as much to do with that as anything, but the problem exists.
And finally, a US News article makes this point:

His supporters realize he's a joke. They do not care. They know he's authoritarian, nationalist, almost un-American, and they love him anyway, because he disrupts a broken political process and beats establishment candidates who've long ignored their interests.
When you're earning $32,000 a year and haven't had a decent vacation in over a decade, it doesn't matter who Trump appoints to the U.N., or if he poisons America's standing in the world, you just want to win again, whoever the victim, whatever the price.
According to the Republican Party, the biggest threat to rural America was Islamic terrorism. According to the Democratic Party it was gun violence. In reality it was prescription drug abuse and neither party noticed until it was too late.

Are we leaving people out?
All this reminded me of reading about Donald Knuth, the famous computer scientist and something of the father of modern computing, writing about his feelings of trepidation about sharing with his university colleagues that he was working on a project related to the Bible. I am concerned about the complaints about the "PC culture", because I think it is good that people aren't making racist or anti-semitic jokes in public anymore. But, as some of these articles point out, in many circles, making fun of Christians and conservatives is still one of the accepted targets. Does that really help anything? (And as a Christian that is liberal, have all of you that aren't Christians so quickly forgotten how churches like the Episcopals blazed the way for marriage equality many years ago already?)
But they don't get a free pass
I have found a few things, however, absolutely scary. One was an article from December showing that Trump voters actually changed their views on Russia after Trump became the nominee. Another one from just today was a study on how people reacted when shown inauguration crowd photos.
NPR ran a story today as well, on how Trump is treating journalists like China does. Chilling stuff indeed.
Conclusion
So where does this leave us? Heading into uncertain times, for sure, but perhaps, just maybe, with a greater understanding of our neighbors.
Perhaps we will all be able to see past the rhetoric and polarization, and understand that there is something, well, normal about each other. Doing that is going to be the only way we can really take our country back.

2 January 2017

While Debconf India is still a pipe-dream as of now, I did see that India has been gradually making it easier for tourists and casual business visitors to come visit India. This I take as a very positive development for India itself.
The 1st condition is itself good for anybody visiting India

This should make it somewhat easier for any Indian organizer as well as any participants from any of the member countries shared. There is a possibility that this list would get even longer, provided we are able to scale our airports and any other infrastructure that would be needed for international visitors to have a good experience.
What has been particularly interesting is to know which ports of call are being used by International Visitors as well as overall growth rate

The Ghojadanga land check post seems to be between West Bengal, India and Bangladesh. Gede Railway Station is also in West Bengal. So any overlanders could take any of those ways. Even the Hardispur Land Check post is on the Bengal-Bangladesh border.
In the airports, Delhi Airport seems to be attracting a lot more business than the Mumbai Airport. Part of the reason, I *think*, is the direct link of Delhi Airport to NDLS via the Delhi Airport Express Line. The same, when it happens in Mumbai, should be a game-changer for the city too.
Now if you are wondering why I have suddenly been talking about visas and airports in India, it came up because Hong Kong is going to Withdraw Visa Free Entry Facility For Indians. As rightly pointed out in the article, this doesn't make sense from an economic POV and seems to be somewhat politically motivated. Not that I or anybody else can do anything about that.
Seeing that, I thought it was a good opportunity to see how good or bad our Government is, and it seems to be on the right path. Although the hawks (Intelligence and Counter-Terrorist Agencies) will probably become a bit more paranoid, their work becomes tougher.

21 December 2016

What we did at the Debian Edu / Skolelinux gathering in November 2016 in Oslo
From November 25 to 27 some people met in the hackerspace bitraf in downtown Oslo. On Saturday and Sunday we met in the morning and hacked and translated all day until we went for dinners in the evening. Despite the short time I think we managed to get a lot done and had good fun, so I'm hoping we'll have another gathering in 2017!
Debian Edu / Skolelinux is currently in better shape regarding the upcoming Debian release than we ever have been, which is pretty awesome. Today, on December 21st, all our changes are in Stretch, except for debian-edu-artwork.git, which awaits a desktop-base upload to unstable. The only thing missing is being able to install Debian Edu using our profiles from official media. Releasing Debian Edu Stretch on the same day as Debian Stretch would be a huge success though!
These are the notes taken in a pad (thanks riseup!) during the meeting:
Phil Hands worked on

8 November 2016

DebConf16
Firstly, thanks to everyone who came out and added their own uniqueness and expertise to the pool. The feedback received so far has been very positive and I feel that the few problems we did experience were dealt with very efficiently. Having a DebConf in your hometown is a great experience, consider a bid for hosting a DebConf in your city!
DebConf16 Open Festival (5 August)
The Open Festival (usually Debian Open Day) turned out pretty good. It was a collection of talks, a job fair, and some demos of what can be done with Debian. I particularly liked Hetzner's stand. I got to show off some 20 year old+ Super Mario skills and they had some fun brain teasers as well. It's really great to see a job stand that's so interactive and I think many companies can learn from them.

31 October 2016

Here is my monthly update covering what I have been doing in the free software world (previously):

Made a large number of improvements to travis.debian.net, my hosted service for projects that host their Debian packaging on GitHub to use the Travis CI continuous integration platform to test builds on every code change:

Updated the SSL certificate for try.diffoscope.org, a hosted version of the diffoscope in-depth and content-aware diff utility. Continued thanks to Bytemark for sponsoring the hardware.

Debian & Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, most GNU/Linux distributions provide binary (or "compiled") packages to end users. The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced, either maliciously or accidentally, during this compilation process by promising that identical binary packages are always generated from a given source.

I filed my 2,500th bug in the Debian BTS: #840972: golang-google-appengine: accesses the internet during build.

In order to build packages reproducibly, one not only needs identical sources but also some external and sharable definition of the environment used for a particular build, stipulating such things as the version numbers of the required build-dependencies.
It is not currently clear how to handle these .buildinfo files after the archive software has processed them and how to make them available to the world so I started development on a proof-of-concept server to see what issues arise in practice. It is available at buildinfo.debian.net.
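What a recorded build definition makes possible, as an added example (not code from buildinfo.debian.net or from any Debian tool): compare the artifact checksums and pinned build-dependency versions of two builds of the same source. The field names follow dpkg's deb822-style .buildinfo layout, which is an assumption for this page, and all package data is constructed.

```python
import hashlib

ARTIFACT_NAME = "hello_2.10-1_amd64.deb"  # constructed sample name


def parse_deb822(text):
    """Parse one deb822 paragraph into {field: value}.

    Continuation lines (leading whitespace) are appended to the previous
    field, separated by newlines.
    """
    fields, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":
            if current is None:
                raise ValueError("continuation line before any field")
            fields[current] += "\n" + line.strip()
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed line: {line!r}")
            current = name.strip()
            fields[current] = value.strip()
    return fields


def checksums(fields):
    """Return {filename: (sha256_hex, size)} from Checksums-Sha256."""
    out = {}
    for entry in fields.get("Checksums-Sha256", "").splitlines():
        if entry.strip():
            digest, size, name = entry.split()
            out[name] = (digest, int(size))
    return out


def build_depends(fields):
    """Return {package: exact_version} from Installed-Build-Depends."""
    deps = {}
    raw = fields.get("Installed-Build-Depends", "").replace("\n", " ")
    for entry in raw.split(","):
        entry = entry.strip()
        if entry:
            pkg, _, rest = entry.partition("(")
            deps[pkg.strip()] = rest.rstrip(")").lstrip("= ").strip()
    return deps


def verify_artifact(fields, name, data):
    """Check raw artifact bytes against the recorded digest and size."""
    recorded = checksums(fields).get(name)
    if recorded is None:
        return False
    return recorded == (hashlib.sha256(data).hexdigest(), len(data))


def compare(reference_text, rebuild_text):
    """Compare a reference .buildinfo with one from an independent rebuild."""
    ref, new = parse_deb822(reference_text), parse_deb822(rebuild_text)
    report = {"mismatched": [], "missing": [], "env_diff": {}}
    ref_sums, new_sums = checksums(ref), checksums(new)
    for name, expected in sorted(ref_sums.items()):
        if name not in new_sums:
            report["missing"].append(name)
        elif new_sums[name] != expected:
            report["mismatched"].append(name)
    # A differing environment explains a mismatch; an identical environment
    # with a mismatch points at nondeterminism in the build itself.
    ref_deps, new_deps = build_depends(ref), build_depends(new)
    for pkg in sorted(set(ref_deps) | set(new_deps)):
        if ref_deps.get(pkg) != new_deps.get(pkg):
            report["env_diff"][pkg] = (ref_deps.get(pkg), new_deps.get(pkg))
    report["reproducible"] = not report["mismatched"] and not report["missing"]
    return report


def make_sample_buildinfo(artifact, gcc_version):
    """Build a constructed .buildinfo text for one artifact (sample data)."""
    digest = hashlib.sha256(artifact).hexdigest()
    return (
        "Format: 1.0\n"
        "Source: hello\n"
        "Version: 2.10-1\n"
        "Checksums-Sha256:\n"
        f" {digest} {len(artifact)} {ARTIFACT_NAME}\n"
        "Build-Architecture: amd64\n"
        "Installed-Build-Depends:\n"
        f" gcc (= {gcc_version}),\n"
        " make (= 4.1-9)\n"
    )


if __name__ == "__main__":
    original = b"constructed package bytes"
    rebuilt = b"constructed package bytes, built with another compiler"
    reference = make_sample_buildinfo(original, "4:6.1.1-1")
    print(compare(reference, make_sample_buildinfo(original, "4:6.1.1-1")))
    print(compare(reference, make_sample_buildinfo(rebuilt, "4:6.2.0-1")))
```
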

19.6.0-7 Set supplementary groups when changing uid, add an example systemd .service file to gunicorn-examples, and expand README.Debian to make it clearer what to do now that /etc/gunicorn.d has been removed.

6 May 2016

Two Factor authentication and general improvement of my security infrastructure was long on my todo list. Some months ago I finally purchased a Yubikey NEO from Yubico and try to consistently use it as second factor, as well as gpg signing/encrypting device.
I am trying to get the best out of my Yubikey NEO by using as much of its functionality as possible, in particular: smartcard for my GnuPG keys, OTP similar to Google Authenticator, and challenge-response for additional login security, as well as all that over NFC so as not to keep keys/passwords on my mobile phone.
While there are loads of guides (see the previous article on GnuPG for some of them), many of them are out-of-date for current distributions and GnuPG etc. So I tried to collect all I could find, not least to have a place to look it up in case I forget it again.
The Hardware
The Yubikey NEO is a great piece of hardware. I do not even remotely understand how they manage that this little beast can do all these things and still work without mixing things up. As far as I understand (please correct me) it has three independent circuits of communication:

Yubikey mode setup
There are several modes, and using the ykpersonalize tool (readily available for Windows, Mac, Linux, and in the Debian package yubikey-personalization) one can program the key to work in a variety of modes. I chose to activate all options by passing in -m86, which stands for OTP/U2F/CCID composite device with MODE_FLAG_EJECT.

which I put into /etc/udev/rules.d/99-yubikeys.rules on Debian. After that another unplug and replug should allow a normal user to access the key. This can be checked by calling getfacl on the newly created /dev/hidraw? device.
Using the HID/Challenge-Response mode (slot 2)
If you want to secure your login with an additional second factor, there are several options documented on the Yubico site concerning yubico-pam. Since I cannot be sure to always be online with my laptop, I chose Challenge-Response authentication, and followed Yubico's docs Local Authentication Using Challenge Response one-to-one. Basically it boils down to installing libpam-yubico and selecting mode-challenge-response when asked for configuration. Then one needs to personalize the key (in particular slot 2) for challenge response with:

It might be a good idea to try this out, and if it works, activate it also for root. But be careful: no key, no login.
Challenge: I am currently searching for a method to replace the second factor of the key optionally with a different authentication method, like a very difficult passphrase. This way I could log in even without my key, but in this case would need the complicated passphrase. From my reading of the pam manuals it seems to be possible, and I am planning to use pam_ssh and a specific login key with a complicated passphrase. I will report back when this is done.
YubiOATH (TOTP) Time based One Time Passwords (aka Google Authenticator style)
Without any setup whatsoever this worked out of the box. I use the Yubico Authenticator on my Android phone, and the dedicated application for the Linux desktop to create second factors for all kinds of applications. Currently I am using it with Google login, GitHub, Dropbox, and WordPress (via the Two Factor plugin which can also be tweaked to use the NEO key as USB key via the FIDO U2F).
Challenge: If I start the Yubico Personalization GUI, I see two free slots, so where are the TOTPs computed? That also means that I have one slot free and for now I don't know what to do with it.
Yubikey OpenPGP applet setup
The Yubikeys support OpenPGP, and the applet is pre-installed (afaik), meaning you can directly configure the key and upload your keys. Here I use gpg2 (2.1) as it seems to better support card operations. To not interfere with the current gpg setup I use a temporary gpg home:

Warning: The YubiKey NEO only supports 2048bit keys. If you want 4096bit keys you need to use one of the newer YubiKey 4, which gives you this option, but does not have support for NFC, and thus no way to interact with an Android (or other) mobile phone.
Check the correct version of the applet
There has been a bug in an older version of the applet, but for the past 2 years all keys sold should have a correct applet. You can check by:

Looking at the output one sees D[0000] 01 00 10 which means applet version 1.0.10, which is the first version fixed.
Replace pins of the key
The standard pins are 123456 for the user pin, and 12345678 for the admin pin. These need immediate change!
Warning: When changing the pin, the normal pin must be 6 (at least?) digits, and the admin pin 8 (at least?), otherwise gpg2 cannot use the key anymore. No idea why.

After this you need to use the new pins for all changes.
Setup basic data
The key can also save some basic data about yourself, like name, sex, language preferences, login name, and url to obtain the public key. As before, start gpg2 and then change this information in the following way:

Move sub keys to Yubikey
As laid out in the article on GnuPG subkeys, we are having three subkeys for signing, encryption, and authentication. In reality I will practically only use the signing key, but upload all three keys to the card. In the following I expect that you have a setup more or less similar to the one described in the article linked before.
Again, we use GnuPG v2, mostly because it was the version that worked out of the box. In addition, if you are setting up a similar stage like in my GnuPG article with gpg1 keys on the mail server, then you don't want the gpg1 keys being removed.
Basically you must have the Yubikey plugged in and call keytocard after selecting each key in turn (and deselecting it afterwards).
Warning: There is another bug in the GnuPG applet that was fixed in later versions (but not in 1.0.10), namely that not all keys are accepted. This is a bit of a pain. I needed to recreate a subkey to obtain a key that can be loaded onto the Yubikey. Unfortunately, Yubico has also stopped/disabled the ability to update applets (although I have to say their documentation is an incredible rubbish with respect to applets and upgrades).
As before, assume that $MASTERKEY contains the hex id of your master key.

After that your keys are on the Yubikey (and only there!), and GnuPG will require the PIN (user pin) to sign/encrypt documents.
Usage
Many things have been said above, but to sum up when and how I am using the YubiKey now:

Logging into my computer: I need to have the key plugged in, otherwise authentication will not succeed.

TOTP (Google, GitHub, WordPress, DropBox login): I use my mobile (Nexus 6p) and the Yubico Authenticator, touch the phone with the Yubikey, and see the TOTPs in the application windows.

OpenKeychain (Android app) integrates with K-9 Mail signing, encryption and decryption is possible on the mobile via NFC (touching the device with the key)

Conclusions
With this setup I am now quite content, but not completely. What I still want to do is full disk encryption where I need the Yubikey to boot, again with an alternative of a very long passphrase. In the end, adding a second factor to the login is not really optimal, and only protects you against quick hacks. If the laptop is actually stolen, only full disk protection helps. Access to the hardware always guarantees that one has access to everything on the disk.
Another thing I want to do is re-use the GnuPG key on the Yubikey as ssh key for logging into remote systems. That would mean that I get rid of even more keys on my laptop. But this is still in the works.
The other open question is what to use the other available slot of the Yubikey for. I thought about some passwords (possible), but I don't feel too happy about having my password issued with the press of a key.
But all in all, I like the setup much more than before and not having any GnuPG key on the laptop is a big plus.

A second Armadillo release 6.700.6 came out in the 6.700 series, and we uploaded RcppArmadillo 0.6.700.6.0 to CRAN and Debian. This followed the usual thorough reverse-dependency checking of by now 220 packages using.
This release is a little unusual in that it contains both upstream bugfixes in the same series (see below) but also two nice bug fixes from the RcppArmadillo side. Both were squashed by George G. Vega Yon via two focused pull requests. The first ensures that we can now use ARMA_64BIT_WORD (provided C++11 is turned on too) allowing for much bigger Armadillo objects. And the second plugs a small leak in the sparse matrix converter I had added a while back. Nice work, all told!
Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to Matlab.
Changes in this release are as follows:

Changes in RcppArmadillo version 0.6.700.6.0 (2016-05-05)

Upgraded to Armadillo 6.700.6 (Catabolic Amalgamator Deluxe)

fix for handling empty matrices by kron()

fix for clang warning in advanced matrix constructors

fix for false deprecated warning in trunc_log() and trunc_exp()

fix for gcc-6.1 warning about misleading indentation

corrected documentation for the solve() function

Added support for int64_t (ARMA_64BIT_WORD) when required during compilation time. (PR #90 by George G. Vega Yon, fixing #88)

Robert Luberda uploaded ispell/3.4.00-5 which make builds of hashes reproducible.

Cédric Boutillier uploaded ruby-ronn/0.7.3-4 which will make the output locale agnostic. Original patch by Chris Lamb.

Ximin Luo resubmitted the patch adding the --clamp-mtime option to Tar on Savannah's bug tracker.
Lunar rebased our experimental dpkg on top of the current master branch. Changes in the test infrastructure are required before uploading a new version to our experimental repository.
Reiner Herrmann rebased our custom texlive-bin against the latest uploaded version.

Patches submitted which have not made their way to the archive yet:

#816209 on elog by Reiner Herrmann: use printf instead of echo which is shell-independent.

#816230 on rows by Reiner Herrmann: tell grep to always treat the input as text.

#816232 on eficas by Reiner Herrmann: use printf instead of echo which is shell-independent.

Florent Daigniere and bancfc reported that linux-grsec was currently built with GRKERNSEC_RANDSTRUCT which will prevent reproducible builds with the current packaging.

tests.reproducible-builds.org
pbuilder has been updated to the last version to be able to support Build-Depends-Arch and Build-Conflicts-Arch. (Mattia Rizzolo, h01ger)
New package sets have been added for Subgraph OS, which is based on Debian Stretch: packages and build dependencies. (h01ger)
Two new armhf build nodes have been added (thanks Vagrant Cascadian) and integrated in our Jenkins setup with 8 new armhf builder jobs. (h01ger)

strip-nondeterminism development
strip-nondeterminism version 0.016-1 was released on Sunday 28th. It will now normalize the POT-Creation-Date field in GNU Gettext .mo files. (Reiner Herrmann) Several improvements to the packages metadata have also been made. (h01ger, Ben Finney)

4 March 2016

February 2016 has been a very active month regarding me contributing to the FLOSS world.

Finalizing MATE uploads to Debian with regards to the Beta 1 Freeze of Ubuntu 16.04

Work on RDP related packages in Debian

Work on Debian Edu related packages

Work on Debian LTS

Work on nx-libs (NX v3)

Honouring my Sponsors
I am happy to share that this month's FLOSS work has been sponsored by various sponsors.

Work on the packages mate-dock-applet, topmenu-gtk and getting GIR-support back into libwnck has been sponsored by Martin Wimpress, the main driving force (AFAIK) behind Ubuntu MATE [1].

Work on Debian LTS has been sponsored by the various Debian LTS sponsors proxied through Freexian SARL (thanks to Raphael Hertzog for organizing the paid LTS contributors team via his company) [2].

Work on nx-libs has been sponsored by the Qindel Group [3].

Thanks to all people and companies sponsoring my work on FLOSS projects.
This month's MATE uploads to Debian
With regards to the Beta 1 Freeze date of Ubuntu 16.04 LTS (18th Feb 2016), Martin Wimpress, Vangelis Mouhtsis and I performed quite some work on Debian MATE.
Uploads to Debian unstable:

caja 1.12.4-2 [4]

mate-menu 5.6.8-1 [5]

mate-panel 1.12.2-1 [6]

mate-dock-applet 0.67-3 (NEW) [7]

mate-polkit 1.12.0-3 [8]

eom 1.12.2-1 [9]

pluma 1.12.2-1 [10]

topmenu-gtk 0.2.1+git20151210.8c6108f-2 (NEW) [11]

mate-tweak 3.5.7-1 (latest upload on 2nd of March) [12]

The Debian MATE Packaging Team also took over maintenance of the GTK-2+ legacy package libwnck [13]. The first upload introducing some major changes and package clean-ups caused a slight wave [14] because of a missing dependency in libwnck-dev (that fell victim to some clean-ups in debian/control).
Those issues have been addressed immediately and have now been settled. The main reason for working on a legacy package like libwnck was the need for having gir1.2-wnck-1.0 (back) in Debian. The new MATE dock applet requires the libwnck GIR package to be present at runtime.
One of the novelties in Ubuntu MATE 16.04 LTS will be the option to adapt the look and feel of the MATE desktop to how a Unity-based desktop looks like. Martin Wimpress is giving intense work to providing a dock applet and topmenu support as one alternative among the various Ubuntu MATE desktop experiences provided. The alternative desktop layouts can be configured with the MATE Tweak tool.
Work on RDP related packages
Work on FreeRDP 1.1 as currently in Debian
I finally managed to give some priority (and thus time) to fixing various issues in the freerdp package in Debian [15]. Many people had provided patches and solutions to open issues and I tried to honour as many of those, as possible.
Please note that I had to disable the GStreamer support in FreeRDP for the recent uploads, as the currently used Git snapshot of FreeRDP only supports GStreamer 0.10's API whereas the security team is in the process of having gstreamer0.10-* packages removed from the Debian stretch/unstable archives.
Work on FreeRDP 2.0, coming to Debian soon
Furthermore, Bernhard Miklautz is currently working on a freerdp2 package, which will bring the latest Git snapshot of FreeRDP upstream into Debian (and also re-introduce GStreamer support, based on GStreamer 1.0).
Bernhard invested a lot of time on pushing the current HEAD of FreeRDP upstream [16] towards a FreeRDP 2.x version. Starting with FreeRDP 2.x it will be possible to install different FreeRDP versions on one system without file naming conflicts.
For March 2016, I have doing the final freerdp2 reviewing on my todo list (possibly together with Héctor Orón Martínez who is highly interested in the RDP backend support in Wayland/Weston), so that we can provide first uploads to Debian experimental sometime the coming month. The packaging progress is continuously discussed on the #freerdp channel on Freenode and can also be viewed on Github [17].
Review of revised XRDP package
Recently, Dominik George from Teckids e.V. [18] contacted me about reviewing their effort of updating the Debian package xrdp, which currently is in ITA state [19]. Feedback has been provided and I am waiting for a ping from his side so that I can take some (ideally) final looks at the package and sponsor the upload.
Work on Debian Edu related packages
This month, I spent a couple of hours of work on several Debian Edu related tasks, some of them induced by problems at local school sites we support.

Upload a new shutdown-at-night package version to Debian unstable [23]

Fix some icon issues in the italc package [24]

Take a first glance at packaging terminal-quest [25]

Playing with the Lego Mindstorm (NXT) tools

Work on Debian LTS
My 8h-portion of work for the Debian LTS Project, I performed at the very end of February. With the Debian squeeze LTS EOL date on 29th February, I saw to finalizing my personal open todos regarding Debian squeeze LTS, which basically was getting two CVE issues fixed in the lxc package [26].
The rest of the work hours has been spent on helping out the Security Team of Debian with open CVE issues in Debian wheezy packages:

Providing a .debdiff for gosa in Debian wheezy (addressing CVE-2015-8771 and CVE-2014-9760)

Investigating an open issue in smarty3 (CVE-2014-8350) and providing a recommendation on how to handle that (which is: pick the latest smarty3 3.1.21-1 from Debian jessie and provide that to users of Debian wheezy)

Taking a first look at pdns regarding a fix for CVE-2014-7210 in Debian wheezy

5 February 2016

Do services like Facebook and Twitter really help worthwhile participation in democracy, or are they the most sinister and efficient mechanism ever invented to control people while giving the illusion that they empower us?
Over the last few years, groups on the left and right of the political spectrum have spoken more and more loudly about the problems in the European Union. Some advocate breaking up the EU, while behind the scenes milking it for every handout they can get. Others seek to reform it from within.
Most recently, former Greek finance minister Yanis Varoufakis has announced plans to found a movement (not a political party) that claims to "democratise" the EU by 2025. Ironically, one of his first steps has been to create a web site directing supporters to Facebook and Twitter. A groundbreaking effort to put citizens back in charge? Or further entangling activism in the false hope of platforms that are run for profit by their Silicon Valley overlords? A Greek tragedy indeed, in the classical sense.
Varoufakis rails against authoritarian establishment figures who don't put the citizens' interests first. Ironically, big data and the cloud are a far bigger threat than Brussels. The privacy and independence of each citizen is fundamental to a healthy democracy. Companies like Facebook are obliged - by law and by contract - to service the needs of their shareholders and advertisers paying to study and influence the poor user. If "Facebook privacy" settings were actually credible, who would want to buy their shares any more?
Facebook is more akin to an activism placebo: people sitting in their armchair clicking to "Like" whales or trees are having hardly any impact at all. Maintaining democracy requires a sufficient number of people to be actively involved, whether it is raising funds for worthwhile causes, scrutinizing the work of our public institutions or even writing blogs like this. Keeping them busy on Facebook and Twitter renders them impotent in the real world (but please feel free to alert your friends with a tweet).
Big data is one of the areas that requires the greatest scrutiny. Many of the professionals working in the field are actually selling out their own friends and neighbours, their own families and even themselves. The general public and the policy makers who claim to represent us are oblivious or reckless about the consequences of this all-you-can-eat feeding frenzy on humanity.
Pretending to be democratic is all part of the illusion. Facebook's recent announcement to deviate from their real-name policy is about as effective as using sunscreen to treat HIV. By subjecting themselves to the laws of Facebook, activists have simply given Facebook more status and power.
Data means power. Those who are accumulating it from us, collecting billions of tiny details about our behavior, every hour of every day, are fortifying a position of great strength with which they can personalize messages to condition anybody, anywhere, to think the way they want us to. Does that sound like the route to democracy?
I would encourage Mr Varoufakis to get up to speed with Free Software and come down to Zurich next week to hear Richard Stallman explain it the day before launching his DiEM25 project in Berlin.
Will the DiEM25 movement invite participation from experts on big data and digital freedom and make these issues a core element of their promised manifesto? Is there any credible way they can achieve their goal of democracy by 2025 without addressing such issues head-on?
Or put that the other way around: what will be left of democracy in 2025 if big data continues to run rampant? Will it be as distant as the gods of Greek mythology?
Still not convinced? Read about Amazon secretly removing George Orwell's 1984 and Animal Farm from Kindles while people were reading them, Apple filtering the availability of apps with a pro-Life bias and Facebook using algorithms to identify homosexual users.